Back to skill
Skillv3.0.2
VirusTotal security
Self-Learning Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:19 AM
- Hash
- 64062e77dcaa5615080027c43a99065cd6336167f52f90aa056db0bd27323c33
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: self-learning-skill Version: 3.0.2 The skill bundle implements a 'self-learning' system that directs the AI agent to act autonomously ('not waiting for instructions') and proactively search for authentication tokens across multiple sensitive filesystem locations (e.g., `~/.github-token`, `~/.openclaw/`) and environment variables. While these behaviors are framed as improvements to the agent's deployment reliability and problem-solving capabilities in SKILL.md and EXAMPLES.md, they establish a pattern of behavior identical to credential harvesting. The combination of autonomous execution directives and specific instructions to locate and use sensitive secrets without direct user oversight represents a significant security risk, although no explicit exfiltration endpoints were identified.
- External report
- View on VirusTotal